[drupal-devel] simple and effective comment spam prevention exists
and works
Harry Slaughter
harry at slaughters.com
Sat Oct 1 07:15:19 UTC 2005
after reading this article:
http://www.dvorak.org/blog/?p=2904
i'm now using this rule in .htaccess (in rewrite block above the "?q"
rewrite rule [which would override this rule]):
# Try to prevent comment spam. Attempts to post comments are 403 if they
# aren't coming from within site. This will prevent clients that
don't send
# referrer from posting comments, but I'm not aware of any modern
browser that
# does not send a referrer
RewriteCond %{HTTP_REFERER} "!^http://(www.)?slaughters.com/.*$" [NC]
RewriteCond %{THE_REQUEST} "POST /comment/reply/.*"
RewriteRule .* - [F]
i believe the domain name can be replaced with a var to make it generic.
i'm just not sure if there are cases where a valid client does not send
a referrer.
i switched from MT to Drupal largely because my site had become a spam
repository. i know there are lots of modules that try to prevent spam,
but i prefer simplicity where possible.
of course, it's probably only a matter of time until spammers spoof
headers to circumvent this, but i'm sure it can be tweaked to keep up
with the bastards.
anyway, this is the anti-spam approach i'm going to use for now. thought
there might be more general interest in it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: harry.vcf
Type: text/x-vcard
Size: 255 bytes
Desc: not available
Url : http://drupal3.drupal.org/pipermail/development/attachments/20051001/17ddcd67/harry.vcf
More information about the drupal-devel
mailing list